[cabfpub] LEI information in web certificates

Tim Hollebeek tim.hollebeek at digicert.com
Fri Jul 6 13:29:34 MST 2018


 

As many of you are aware, the GLEIF foundation recently invited CA/Browser
Forum members to its identity management workshop.  Some people have
contacted us about the possibility of putting LEI identifiers into web
certificates.  This is in some ways similar to the recent proposal from ETSI
to put additional identity information into certificates, though it has the
advantage that we are free to determine ourselves how best to encode it.

 

CAs are already allowed to include this information in certificates,
assuming it has been appropriately validated.  There is a Global Legal
Entity Identifier Index that is authoritative for LEIs.  However it would be
valuable if there were a standardized CABF OID and extension so that every
CA that chooses to include this information includes it in an interoperable
way.  This also allocates the OID in a namespace we control, allowing us to
state in the BRs the purpose and semantics of the extension, and require
that it only be used for authentic and validated LEIs.

 

It seems to me that it would be worthwhile to standardize this, instead of
every CA coming up with their own way of doing it.  What do other people
think?

 

-Tim

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180706/229d7ff0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180706/229d7ff0/attachment.p7s>


More information about the Public mailing list